Posted
by
timothy
on Tuesday August 19, 2014 @10:09AM
from the makes-great-gift-wrapping-too dept.

itwbennett (1594911) writes In a follow-up to yesterday's story about the Chinese hackers who stole hospital data of 4.5 million patients, IDG News Service's Martyn Williams set out to learn why the data, which didn't include credit card information, was so valuable. The answer is depressingly simple: people without health insurance can potentially get treatment by using medical data of one of the hacking victims. John Halamka, chief information officer of the Beth Israel Deaconess Medical Center and chairman of the New England Healthcare Exchange Network, said a medical record can be worth between $50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password. "If I am one of the 50 million Americans who are uninsured ... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details," he said.

The parasites in congress are the problem, not the answer. They're feeding their friends, the lawyers. Let's be honest; It's a lot better for me to order tests than to evaluate a person. The insurance company doesn't pay me to do the latter, and the lawyers are waiting for me to do the former. The more tests I do, the harder a case they have to demonstrate, and the lower my insurance, so higher my profit. It's really simple. Keep electing your lizards instead of their lizards, and healthcare will continue t

and how many times have people, especially women have gone to the doctor and been ignored or told their symptoms were nothing? when the doctor should have done a test or procedure based on the patient's complaint? or in my wife's case a lower doctor wanted to do a c-section without doing the right tests first and her doctor who was the chief of obgyn at the hospital said no and after they did the tests it was found a c-section was not required

even then it's hard to sue for malpractice. the lawyers who do this have nurses on staff who review the charts and only a small percentage end up in a lawsuit.

Oh really? Exactly how is one's JavaScript supposed to be able to tell if a post comes from a mobile device? Is there a slash post page that logs the useragent, IP, OS, or whatever that us plebs have access to? Also, I don't particularly expect a reply from you since you obviously only wanted to insult the first AC for asking for a simple request.

Since you wanted to play the Grammar Nazi card and took extra care to fluff up your response to sound as pretentious and educated as possible, allow me to cri

A +2 Hell yeah! to you sir!Best retort to Grammer/spelling Nazi I have seen yet.

It always amuses me how the pendants seem to exemplify the very things they wish to bitch about.The worst being the ones who like to use antiquated meanings or rules that have long since fallen out of conventional usage.

You must be oblivious to the amount of debt and inflation around you. That, and el presidente is about to enable millions of illegal immigrants the ability to work on the cheap and vote themselves "free" shit. Oh, and that throws the entire black community under the bus whom are already competing for jobs of the same ability. Meanwhile, they send over a net 20+ billion in wealth (per year) from the US compounding the hemorrhaging effect on the economy.

Yes, because the single payer systems in Europe of trouble free right?

I'm not saying we don't have an issue, but your 1 step solution is a joke. The same corruption, greed and poor administration that afflicts us now would continue in the new system. It would just include all the problems of government waste and politics as well.

The problem in the US is states have enacted their own laws governing what treatment is required by law. So states that are pro-patient rights oppose allowing patients being able to seek insurance outside of the state as that would be an end run around their laws. As a result, patients cannot for any meaningful patients rights groups of a large enough size to make a difference in the healthcare market. There aren't enough doctors because younger doctors can make more money doing plastic surgery and other cosmetic specialty work, and the older doctors get pair so much they only feel the need to work 2 days a week. Tuition to medical schools in this country is borderline insane.

This is a very complex issue and throwing black and white solutions at it while calling your opponents stupid will get your no-where.

Same is true in Oz, overall an Aussie family of 4 pays about 1/10th of the price they would pay in the US for health cover and yet the US has statistically inferior health outcomes.

The US health system is a (sad) laughing stock of the western world, and is by far the most expensive for individuals. But at the end of the day the irrational fear of "socialism" amongst average americans has given them the inefficient private system they demanded.

Not necessarily. Administration is a very nebulous term, and your data is incomplete. Is this 31% of expenditures covered by medicare? Medicaid? Private insurance? A combination of two or more?

Paul Krugman (who has a fucking Nobel prize in economics) has explained all that in his New York Times column.

One of Krugman's examples is to compare regular Medicare with Medicare Advantage. The insurance industry and their Republican and "moderate" Democratic supporters said that they could do it more efficiently in the free market. They had their chance. The government paid the insurance companies 15% more for Medicare Advantage to "help them get started," and it finally went down to 5% more. They were n

I'm serious. Where did you go to school? Because I want to make sure that absolutely nobody I know goes there. Wow. If your plan was to take the daily prize for grammatical errors, missing words, lack of sense, and so on, well, congratulations as we have a winner.

You're (you might notice that I spelled that correctly) the only person I know of to ever mention individual state laws as a health care problem. A law can simply be passed making health care a federal matter to deal with that. And tu

Yes, because the single payer systems in Europe of trouble free right?

I'm not saying we don't have an issue, but your 1 step solution is a joke. The same corruption, greed and poor administration that afflicts us now would continue in the new system. It would just include all the problems of government waste and politics as well.

"Government waste"? Every other health care system in the world has lower costs that the US as a percentage of GDP and per capita:

Yes, because the single payer systems in Europe of trouble free right?

Ever hear, "Price, quality and service. Pick any 2." The Europeans, and Canadians, have decided that they would let their waiting times increase to what they feel is a tolerable amount. In exchange, they have quality about equal to ours and it costs around half of what we pay.

I've compared the outcomes of surgery, cancer, heart disease, and other treatments in the US/Canada/Europe/Australia, and they're all about the same in developed countries. Some of the best outcomes are in the Veterans Affairs system -

the million-dollar heart transplant is loaded with markup where you can likely go out side of the usa and pay way less for it.

Yeah. With heart transplants, as with anything else, you get (more or less) what you pay for.
Sure, that discount heart transplant you paid $30 for in Mumbai *might* be just fine...but I'd bet my life against it.

Boy, is that ever the exception that proves the rule. In order to get a heart transplant somebody had to sue the California prison system for him.

If they didn't want to pay for it, they could have released him on parole. He was sentenced for burglary and robbery. A patient with heart failure isn't going to be able to commit any more burglaries and robberies. He'll be lucky if he can walk around the block.

Despite this unusual example, prisoners have some of the worst health care in the country.

I never said it was free, but we all pay taxes while only some of us don't have to fork out ridiculous additional sums for medical cover.

For example, I will never be hit with a bill for medical treatments my insurance won't cover. There isn't a moment I have to worry about getting charged for my stay in hospital. I don't have to worry about whether my insurance will cover the drugs my doctor has prescribed me, the most I will pay is £8.05, even if the drug costs £10,000 a course.

Yes that is true. What's also true is that most people doesn't need the most expensive type of treatment which makes the total less than a medical insurance in the US. The difference is that those that can't afford paying for an insurance still can get the necessary care. And if one want to and can afford it - go for it and get an insurance too and get that unnecessary CT scan or MRI whenever you feel like!

Ah, no. It has helped. Somewhat. Mostly it's shuffled the deck a bit. Still a whole bunch of people with essentially no way to pay for healthcare. The ACA was never designed to completely solve the problem, only improve it. And improve it a bit it has, with quite a bit of collateral damage.

The really sad part about the ACA is that the big winners were the insurance companies. They had to suck up and drop the pre existing conditions clause and had to allow for children to stay on their parent's insu

As a person in the medical billing field, I've regularly seen faked insurance cards, but they're easy to weed out thanks to electronic eligibility verification. Given that people will walk right up to the counter with their "Homana" insurance card printed on cheap paper, I can absolutely believe that we've treated people who claim to be Jane Doe, have an insurance card with Jane Doe's name, group and policy # on it, and know Jane Doe's DOB (sufficient information to pass eligibility verification). The only way the insurance company would figure it out is if the real Jane Doe was being seen by a doctor somewhere else that day, or if Jane Doe actually read any of the paperwork she gets past the line "This is not a bill".

The idea that somebody would get a million-dollar heart transplant with a stolen SSN number and DOB seems especially preposterous. The surgeons would have to go over the previous medical history and records in great detail.

The guy they quoted was CIO of Beth Israel Deaconess hospital. Either I'm awfully stupid, or he got it wrong.

A friend of mine had to travel to New Orleans for his liver transplant because he was going to die before getting it in Canada... He paid cash, about $250k. He was told he got a deal because he paid cash. Insurance companies get billed about double because they take months or sometimes years to pay, and always argue the amount so the hospital has to settle for a lesser amount to get paid in finite time; hence the artificial inflation.

I'd agree with you. Using a person's name, address, social security number, and date of birth (all items included in the hacking), you can steal someone's identity and open lines of credit in their name. Then you run up a big tab, buying electronics and the like, and let the person whose identity you stole deal with the bill. This happened to me awhile back, except I was lucky that the thieves paid for rush delivery of the credit card before changing the address from mine to theirs. The card arrived at

I'm amazed at how skillfully the finance and corporate community has ingrained "identity theft" into consumer's minds. (And yes, I'm using "consumer" instead of "citizen" on purpose.)

If someone uses a fake credit card to buy items from a store, they have defrauded the store and the credit card company. It should be irrelevant whether the name on that card is fake, or belongs to some other uninvolved third party.

And yet, the industry has managed to redirect the mindset and conversation to shift much of the blame onto that uninvolved third party, making them feel like they are the ones violated by this process, and leaving them with the mess to clean up while those defrauded only write off their losses after the third party goes through hoops to "prove" their own innocence. Meanwhile, there's rarely effort to go after the actual criminal at all.

I understand the reasons why there is a credit market, but I reject the notion that what was once called fraud, perpetrated against a business that is responsible for their losses, is now theft against an unrelated third party that is guilty until proven innocent by the corporate megaliths that run the financial world.

I agree that it is fraud and that it's ridiculous that the result of Identity theft is up to the affected person to prove/clean up. I don't think that the name "Identity theft" puts the blame on the victim, though, any more than "car theft" puts the blame on the owner of the stolen car. (Before someone complains "identity theft isn't theft because you still have your identity", imagine if someone kept "borrowing" your car while you slept but returned it every morning with more scratches and dings. You'd still have use of it when you wanted it, but the value of the car would drop quickly and it would be up to you to pay the repair costs. This is what identity thieves do to your credit.)

Sadly, as was my experience during my identity theft, the companies just don't care. The credit card companies see the fraud as something to write off as a cost of doing business and then they move on. Capital One actively blocked both me and the police from investigating. They told me "we can't give you the address on the card with your name on it because if you go and kill the person, we'd be liable." They would just ignore when the police called. (Calls routed to a voicemail box that was never answered.) The credit agencies are even worse. They see your credit file as a profit engine. New lines of credit on your credit file help drive their profits. Anything that blocks this is bad for business. So protecting against identity theft is bad for business. As far as the fraud goes? Well, that's the little people's concern, not theirs. (I was lucky that I caught it when I did or I'd have been fixing the problem for a long, long time.)

>> I don't think that the name "Identity theft" puts the blame on the victim, though, any more than "car theft" puts the blame on the owner of the stolen car.

I think there is a distinction, though, because in the case of "car theft", you rarely have to prove that it was not you using the car. Imagine if every time a car was stolen, the owner never noticed until it was used in a robbery (or driven through a red light camera), and you were assumed guilty until you proved it was not you driving. That

The thesis is that you can waltz into a doctor's office AND a hospital with faked records and get the treatment needed. Basically the important bit is the insurance info - what has happened to "you" is less important than what you want to eventually happen to you (in the example given, a heart transplant).

I kinda doubt this, at least in a general sense. First off, you can show all the insurance cards and 'insurance info' to the medical provider all you want. The provider is going to query the insurance company before doing anything expensive. Fine, you say, call them all you want, the 'patient' is insured (it's just not the right patient). Now comes the hard part. The minute that the insurance company starts getting claims from both Peoria and Trenton, NJ flags are going to go up. Other old records would be sought (for something big like a transplant or joint replacement) which would likely not match.

Anything remotely resembling a heart transplant is going to fall apart unless both the real and fake patient have nearly identical physiques, ages and problems. More routine issues could go undetected for a while but persistent discrepancies would show up and as soon as the insurance company flagged the claim as problematic, big ticket items would be placed on hold until things go cleared up. When I worked in an early Medicaid HMO in the 1980's we had some problems with folks 'sharing' the Medicaid ID card (no picture, just a printout basically). It was pretty obvious when the patient's weight varied 30 pounds every other week. We soon insisted on photo ID.

And, in fact, the feds also insist on photo ID these days. Yes, if you're bleeding out we don't ask for it up front but as soon as your blood pressure normalizes we're poking around to figure out just who you are.

So it's possible that that full on medical records might be of value, but it's going to be much harder to monetize than a credit card number and likely would be of limited use. That doesn't mean that the information shouldn't be sealed up, of course. I'm just not sure how big a deal this is. And, in the case of the Community breach, they apparently did not get that information anyway.

Yes, the summary's idea that one could get a heart transplant with faked records is baloney. But there are a lot of simpler health care interactions which are easier to get with faked records, such as basic prescriptions. And it's not much harder to monetize, you do it the same way you do credit cards. Those marketplaces are well established for both CC info and health info, in many cases they are the same place.

You may be right with prescriptions. And the people using the fake medical identity would not be getting the prescriptions for themselves but for resale on the black market, and would probably be a career criminal. If they are local (relative to the real person) and they go to the same pharmacy (which would already have the account info in their computer) maybe they wouldn't be asked for ID or flagged as fraudulent. Although it's still a little hard to believe, because the drugs that are valuable on the bla

Yes, the summary's idea that one could get a heart transplant with faked records is baloney. But there are a lot of simpler health care interactions which are easier to get with faked records, such as basic prescriptions. And it's not much harder to monetize, you do it the same way you do credit cards. Those marketplaces are well established for both CC info and health info, in many cases they are the same place.

It only works for so long - insurance has dealt with this fraud for ages now too - they get curi

"On the other hand, I suppose someone's glaucoma could get me medicinal marijuana..."There are doctors who specialize in the medical cards. All you have to 'prove' is that you have any chronic pain (or basically, any condition) at all. All you do is take in a copy of your medical records and a 'C' note and you're in. Here in Spokane they open their doors once a month for renewals and new issues. There are few doctors in the issuing system, and they generally work a few days in each town.

You're right about he insurance, but I can't help but wonder if the reasons the data is valuable are far more mundane: in order to target specific product and services for sale. If you know a patient has a specific condition, you can target them with ads for specific therapies.

Some hospitals are taking photos of patients with higher cost proceedures as early as 6 years ago. My photo is in my medical records. A stolen ID would be spotted by any staff reviewing my medical history.

Maybe, but maybe not. I know someone whose identity was stolen and used by a criminal who was arrested. Despite the fact that the guy looks NOTHING like the criminal in question (different height, weight, skin color, etc), he found himself fired from his job for having a criminal record and harassed by police officers who just assumed he was the criminal. It took him years to get anyone to even listen to him and even then it took years to fix the problem as one fixed system would get "re-infected" as the bad data flowed back in from other systems.

Some hospitals are taking photos of patients with higher cost proceedures as early as 6 years ago. My photo is in my medical records. A stolen ID would be spotted by any staff reviewing my medical history.

Presumably not if the imposter went somewhere in the country where you've never been.

If I am one of the 50 million Americans who are uninsured... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details

Something tells me it would be a little trickier than that given all that is involved in that million-dollar heart transplant. Not to mention all the local news coverage, the calls to the insurance company prior to surgery given the high cost of the surgery, getting on the waiting list, etc, etc. Not to say that it's

Moving to the UK's system means no insurance company, and your employer et al do not have access to your medical records. In-fact, most doctors do not have access to your medical records - they are only now bringing in a system where your medical records are shared on an on-demand basis with other hospitals and surgeries. Walk into an A&E department and they won't have your medical records.

No, it's the people with diabetes, or cancer.
You steel a record that is as close as possible to your own, and you use it.
God help the real patient, who has to worry about doctors looking at the thieves' medical results.

Getting a record that is close to your own would be of no benefit. If you need a heart transplant, you get the records of a patient that is worse off than you, so that you can gain a better position on the transplant waiting list.

The first sensible comment I have seen.Obviously using it to get a heart (kidney, corneal, etc) transplant is ridiculous as the waiting period is far too long to maintain the charade. Maybe useful to defraud a pharmacy for some oxycotin (and the good drugs are so tightly watched that this is unlikely, my wife is on morphine, and she is monitored closely by both the doctor and pharmacy)

Plus a poor uninsured can get medical treatment just by walking into a hospital, they won't get transplants, but just about

The reference claims medical identity theft is the most common type [kaiserhealthnews.org] of identity theft. but I dont beleive because there are relatively few cases in news about it compared to fake credit card and account withdrawals. It might be source of the most general identity thefts, due the looseness of medical record keeping.

That is not necessary. All they need to do is ask for a government issued photo ID card, and make sure the name on the card matches the name on the insurance form. My experience is that about 100% of doctors and hospitals already do that. TFA claims that just knowing an SSN and DOB is enough, and that is not true.

Because nobody could possibly figure out how to make a fake photo ID [wikihow.com]?

That requires far more effort than just downloading an SSN and DOB, especially faking a modern ID with holograms, embossing, and maybe an embedded chip. It also increases the legal consequences if you get caught.

All they need to do is ask for a government issued photo ID card, and make sure the name on the card matches the name on the insurance form. My experience is that about 100% of doctors and hospitals already do that. TFA claims that just knowing an SSN and DOB is enough, and that is not true.

All they need to do is look up the patient's electronic medical record (if they ever get that working), and see that the height, weight, blood pressure, and contact information are all different.

I don't know how somebody could get my SSN and DOB, and figure out where I get my health insurance. If they did, I'd get their bills, and I'd know that something was wrong.

Hospitals do get patients coming into the ER with fake names, and they have systems in place for dealing with it. There were a couple of articles

It should be noted that while Obamacare is no more socialist than taxes in general, it does have the unfortunate side-effect of decentivizing preventative health care. It's not exactly analogous to the "tragedy of the commons" theory since preventative measures are presumably still better for you in the long run, but it's not hard to imagine that people will become less healthy as a result having minimal fiscal responsibility for the outcome.

I don't think you can really make that case. Do upper middle class people with "Cadillac" insurance plans make less use of their preventative health care coverage than people who have been given subsidized coverage under the ACA? After all they have enjoyed out of pocket caps for a long time, and thus have been effectively deincentivized for a long time. Also, regardless of your insurance, the biggest fiscal impact of poor health is its effect on your career, not the medical bills. You can escape medical bi

In the 1930's the right cried 'socialism' to the building of the Grand Coulee dam. It was supposed to boost farming in the middle of Washington State. It was way more electricity and water than would be needed (and we really didn't need that much extra food production at the time).A few years later WWII happened, and it went from 'socialist' to 'forward thinking' when it allowed the mass production of aluminum for the war effort. (oddly the biggest socialist program in the country, the freeway system, met little opposition as it meant pork for every state, so like you said, they liked it, so it wasn't socialism)

Fortunately for us living here, it currently means very inexpensive electricity (8.8 cents per kwh per my last bill).

Yes, and what better time to propose it. Just out of WWII, and Ike just back from experiencing the German Autobahn.After participating in the pre-war three month mudslog crossing the US with tanks trucks and jeeps the multi-lane Autobahn must of been truly inspiring. And what better way to counter potential complaints of socialism than to make it a militarily advantageous.It would never make it through congress today, even framing it as a military necessity. Long term thinking has rather evaporated in a wor